SlideShare a Scribd company logo

Secure SHell

Download as PPTX, PDF
Ç
Çağrı Çakır

Encrypted command-line communication issue

Technology
1 of 43
Secure SHell Ecrypted command-line communication cagriCOM08 | Information Security
Content @ Definitions @ What SSH Does @ Core SSH programs @ SSH Authentication Methods @ Password @ Public/private keypair @ Host-based authentication @ SHH Basics @ Configuration Files [CF] @ Secure Logins @ Agent / Key Forwarding @ Enter Agent / Key Forwarding @ Port Forwarding @ Conclusion cagriCOM08 | Information Security
Definition-I Common used one «The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network» Ylonen & Lonvick Standards Track SSH Communications Security Corp C. Lonvick, Ed. Cisco Systems, Inc. January 2006 cagriCOM08 | Information Security
Definition-II More detatiled one «Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).» Ylonen & Lonvick Standards Track SSH Communications Security Corp wikipedia cagriCOM08 | Information Security
Definition-III Structure cagriCOM08 | Information Security
What SSH does SecureSHell handles the set up and generation of an encrypted TCP connection. cagriCOM08 | Information Security
What SSH does: which means… ....... -SSH can handle secure remote logins (ssh) -SSH can handle secure file copy (scp) -SSH can even drive secure FTP (sftp) cagriCOM08 | Information Security
Core SSH programs ssh client sshd server sftc transfer-line «if sshd is not running you will not be able to connect to it with ssh» cagriCOM08 | Information Security
SSH Authentication Methods $ Password $ Public/private keypair $ Host-based authentication cagriCOM08 | Information Security
I Password Authentication Example without SSH Keys Prompts for Password you server you server ssh sshd ssh sshd you> ssh mac-1 password: **** other> cagriCOM08 | Information Security
II Key-pair Authentication Example without SSH Keys you server ssh sshd cagriCOM08 | Information Security
II Key-pair Authentication Example without SSH Keys you ? server ssh sshd server> ssh –keygen First of all Generate keys cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Private Key: id_rsa you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa.pub Private keys should be kept secret, do not share them with anyone cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Private Key: id_rsa Public Key: id_rsa.pub you you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub Private keys should be Public keys are meant to kept secret, do not be shared. share them with anyone cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys cagriCOM08 | Information Security
II Key-pair Authentication public/private key-pair No password required! you server ssh sshd you> ssh server other> cagriCOM08 | Information Security
III Host-based Authentication • Doesn’t require user credentials (password or key) • Provides trust based on hostname and user id • User id on both system has to be the same • Disabled by default -- not that useful cagriCOM08 | Information Security
SSH Basics Configuration Files [CF] Server CF Client CF sshd config: /etc/sshd_config ssh config: /etc/ssh_config system-side user-specific ssh config: ~/.ssh/config Based on installation method system config locations may vary. example: macports installs in /opt/local/etc/ssh/ cagriCOM08 | Information Security
SSH Basics Secure Logins Login Example #1 Login Example #2 ssh user@example.com ssh example.com Login Example #3 Login Example #4 ssh -p 45000 example.com ssh example.com<command here> ssh example.com ls –l ssh example.com hostname cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding Example without SSH Keys server-1 you server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-1 server-1 you> ssh server-1 password: you Password required server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-2 server-1 you> ssh server-2 password: you Password required server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding [updated example] you to server-1 to server-2 you> ssh -keygen you server-1 Copy public key to Authorized_key ~/.ssh/authorized_keys on each remote host id_rsa.pub id_rsa server-2 Authorized_key cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-1 you> ssh server-1 server-1> you server-1 Success server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you> ssh server-2 you> ssh server-2 server-2> you server-1 Success server-2 cagriCOM08 | Information Security
SSH Basics Agent / Key Forwarding you to server-1 to server-2 you> ssh server-1 server-1> you server-1 Success Authorized_key you> ssh server-2 id_rsa.pub password> id_rsa server-2 password required at Authorized_key the second step! cagriCOM08 | Information Security
SSH Basics Enter Agent / Key Forwarding SSH Key Gets Forwarded you server-1 id_rsa.pub id_rsa server-2 cagriCOM08 | Information Security
SSH Basics Enter Agent / Key Forwarding Command Line Agent Forwarding ssh -A example.com Use -A to explicitly turn off forwarding for a ssh session. cagriCOM08 | Information Security
SSH Basics Port Forwarding Local Port Forwarding Example you server-1 server-2 sshd www Private Network cagriCOM08 | Information Security
SSH Basics Port Forwarding you to www on server-2 you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
SSH Basics Port Forwarding Can’t access server-2 directly you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
SSH Basics Port Forwarding With Local Port Forwarding you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
SSH Basics Port Forwarding A Tunnel is Made! you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
SSH Basics Port Forwarding server-2 doesn’t have to run sshd you server-1 server-2 sshd www public IP local IP local IP cagriCOM08 | Information Security
SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport example.com localport is the port on your machine, host is the remote server to tunnel to, hostport is the port on the remote server to tunnel to cagriCOM08 | Information Security
SSH Basics Port Forwarding Sharing Tunnel you server-1 server-2 sshd www public IP local IP local IP another you> ssh -L 8000:server-2:80 -g server-1 server-1> success cagriCOM08 | Information Security
SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport -g example.com -g allows others to connect to your forwarded port cagriCOM08 | Information Security
SSH Basics Port Forwarding Host Configured Host inspire.staging LocalForward 8000:server-2:80 Per-User ~/.ssh/config System-wide /etc/ssh_config Friday, September cagriCOM08 | Information Security
SSH Basics Port Forwarding SSH Server has final say! AllowTcpForwarding no System-wide /etc/sshd_config Defaults to “yes” -- so pretty much ignore. cagriCOM08 | Information Security
References SSHSecure Shell forWorkstations Windows Client version 3.2.9 User Manual Güvenli kanallardan iletişim ( SSH ) User Manual http://en.wikipedia.org/wiki/Secure_SHell http://en.wikipedia.org/wiki/Secure_channel http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b http://www.openssh.org/txt/ ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/ http://www.javakursu.net/sshnedir cagriCOM08 | Information Security
Thanks For Attention cagriCOM08

Recommended

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
SSH
SSHSSH
SSHZach Dennis
 
Ssh
SshSsh
SshRaghu nath
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 

Recommended

SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure ShellPeter R. Egli
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocolBaspally Sai Anirudh
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
SSH
SSHSSH
SSHZach Dennis
 
Ssh
SshSsh
SshRaghu nath
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Secure shell ppt
Secure shell pptSecure shell ppt
Secure shell pptsravya raju
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project PresentationAndrew McGarry
 
Lesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol ALesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol AMahmmoud Mahdi
 
Ssl https
Ssl httpsSsl https
Ssl httpsAndrada Boldis
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentationraini
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS ProtocolDevang Badrakiya
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsDhananjay Aloorkar
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
Https
HttpsHttps
HttpsPooya Sagharchiha
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
ssh.ppt
ssh.pptssh.ppt
ssh.pptjoekr1
 
Ssh
SshSsh
SshCarlos J. Brito Abundis
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Httpsshikherwalia
 
Dhcp
DhcpDhcp
DhcpChinmoy Jena
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
HTTPS
HTTPSHTTPS
HTTPSmaroti164
 
Http-protocol
Http-protocolHttp-protocol
Http-protocolToushik Paul
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS Ghanshyam Patel
 
Dhcp
DhcpDhcp
DhcpTapan Khilar
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure ProgrammingBalavignesh Kasinathan
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 

More Related Content

What's hot

Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project PresentationAndrew McGarry
 
Lesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol ALesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol AMahmmoud Mahdi
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentationraini
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerNaveen Kumar
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsDhananjay Aloorkar
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Asad Ali
 
ssh.ppt
ssh.pptssh.ppt
ssh.pptjoekr1
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 

What's hot (20)

Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
NTP Project Presentation
NTP Project PresentationNTP Project Presentation
NTP Project Presentation
 
Lesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol ALesson 6: Dynamic Host Configuration Protocol A
Lesson 6: Dynamic Host Configuration Protocol A
 
Ssl https
Ssl httpsSsl https
Ssl https
 
DHCP Server & Client Presentation
DHCP Server & Client PresentationDHCP Server & Client Presentation
DHCP Server & Client Presentation
 
SSL TLS Protocol
SSL TLS ProtocolSSL TLS Protocol
SSL TLS Protocol
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Radius server,PAP and CHAP Protocols
Radius server,PAP and CHAP ProtocolsRadius server,PAP and CHAP Protocols
Radius server,PAP and CHAP Protocols
 
Kerberos
KerberosKerberos
Kerberos
 
Https
HttpsHttps
Https
 
Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)Ssl (Secure Sockets Layer)
Ssl (Secure Sockets Layer)
 
ssh.ppt
ssh.pptssh.ppt
ssh.ppt
 
Ssh
SshSsh
Ssh
 
Http vs Https
Http vs HttpsHttp vs Https
Http vs Https
 
Dhcp
DhcpDhcp
Dhcp
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
 
HTTPS
HTTPSHTTPS
HTTPS
 
Http-protocol
Http-protocolHttp-protocol
Http-protocol
 
SSL And TLS
SSL And TLS SSL And TLS
SSL And TLS
 
Dhcp
DhcpDhcp
Dhcp
 

Viewers also liked

Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unixJavin Paul
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Thoughtworks
 
Sed & awk the dynamic duo
Sed & awk the dynamic duoSed & awk the dynamic duo
Sed & awk the dynamic duoJoshua Thijssen
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity TipsKeith Bennett
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awkYogesh Sawant
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processingAnton Arhipov
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line toolsEric Wilson
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHPjikbal
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Philippe Bogaerts
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPMichael Coates
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014iimjobs and hirist
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRadien software
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSHHemant Shah
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsBrendan Gregg
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016Brendan Gregg
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 

Viewers also liked (19)

PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
Practical Example of grep command in unix
Practical Example of grep command in unixPractical Example of grep command in unix
Practical Example of grep command in unix
 
Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...Web Application Security: Introduction to common classes of security flaws an...
Web Application Security: Introduction to common classes of security flaws an...
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Sed & awk the dynamic duo
Sed & awk the dynamic duoSed & awk the dynamic duo
Sed & awk the dynamic duo
 
Unix Command Line Productivity Tips
Unix Command Line Productivity TipsUnix Command Line Productivity Tips
Unix Command Line Productivity Tips
 
Learning sed and awk
Learning sed and awkLearning sed and awk
Learning sed and awk
 
Practical unix utilities for text processing
Practical unix utilities for text processingPractical unix utilities for text processing
Practical unix utilities for text processing
 
class12_Networking2
class12_Networking2class12_Networking2
class12_Networking2
 
Unix command-line tools
Unix command-line toolsUnix command-line tools
Unix command-line tools
 
Web Application Security with PHP
Web Application Security with PHPWeb Application Security with PHP
Web Application Security with PHP
 
Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0Defeating The Network Security Infrastructure V1.0
Defeating The Network Security Infrastructure V1.0
 
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAPVirtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
Virtual Security Lab Setup - OWASP Broken Web Apps, Webgoat, & ZAP
 
Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014Top 100 Linux Interview Questions and Answers 2014
Top 100 Linux Interview Questions and Answers 2014
 
RHCE FINAL Questions and Answers
RHCE FINAL Questions and AnswersRHCE FINAL Questions and Answers
RHCE FINAL Questions and Answers
 
Introduction to SSH
Introduction to SSHIntroduction to SSH
Introduction to SSH
 
Linux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old SecretsLinux Performance Analysis: New Tools and Old Secrets
Linux Performance Analysis: New Tools and Old Secrets
 
Linux Systems Performance 2016
Linux Systems Performance 2016Linux Systems Performance 2016
Linux Systems Performance 2016
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 

Similar to Secure SHell

Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSHVitalii Sharavara
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7VCP Muthukrishna
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOHoàng Hải Nguyễn
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Ssh
SshSsh
Sshgh02
 

Similar to Secure SHell (20)

Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
SSH how to 2011
SSH how to 2011SSH how to 2011
SSH how to 2011
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
How to increase security with SSH
How to increase security with SSHHow to increase security with SSH
How to increase security with SSH
 
SSH.pdf
SSH.pdfSSH.pdf
SSH.pdf
 
Introduction to SSH & PGP
Introduction to SSH & PGPIntroduction to SSH & PGP
Introduction to SSH & PGP
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7How To Setup SSH Keys on CentOS 7
How To Setup SSH Keys on CentOS 7
 
Sshstuff
SshstuffSshstuff
Sshstuff
 
Configure ssh cell
Configure ssh cellConfigure ssh cell
Configure ssh cell
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Meeting 5.2 : ssh
Meeting 5.2 : sshMeeting 5.2 : ssh
Meeting 5.2 : ssh
 
Configuring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IOConfiguring Secure Shell on Routers and Switches Running Cisco IO
Configuring Secure Shell on Routers and Switches Running Cisco IO
 
Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
SSh_part_1.pptx
SSh_part_1.pptxSSh_part_1.pptx
SSh_part_1.pptx
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Ssh
SshSsh
Ssh
 

Recently uploaded

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Secure SHell

  • 1. Secure SHell Ecrypted command-line communication cagriCOM08 | Information Security
  • 2. Content @ Definitions @ What SSH Does @ Core SSH programs @ SSH Authentication Methods @ Password @ Public/private keypair @ Host-based authentication @ SHH Basics @ Configuration Files [CF] @ Secure Logins @ Agent / Key Forwarding @ Enter Agent / Key Forwarding @ Port Forwarding @ Conclusion cagriCOM08 | Information Security
  • 3. Definition-I Common used one «The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network» Ylonen & Lonvick Standards Track SSH Communications Security Corp C. Lonvick, Ed. Cisco Systems, Inc. January 2006 cagriCOM08 | Information Security
  • 4. Definition-II More detatiled one «Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively).» Ylonen & Lonvick Standards Track SSH Communications Security Corp wikipedia cagriCOM08 | Information Security
  • 5. Definition-III Structure cagriCOM08 | Information Security
  • 6. What SSH does SecureSHell handles the set up and generation of an encrypted TCP connection. cagriCOM08 | Information Security
  • 7. What SSH does: which means… ....... -SSH can handle secure remote logins (ssh) -SSH can handle secure file copy (scp) -SSH can even drive secure FTP (sftp) cagriCOM08 | Information Security
  • 8. Core SSH programs ssh client sshd server sftc transfer-line «if sshd is not running you will not be able to connect to it with ssh» cagriCOM08 | Information Security
  • 9. SSH Authentication Methods $ Password $ Public/private keypair $ Host-based authentication cagriCOM08 | Information Security
  • 10. I Password Authentication Example without SSH Keys Prompts for Password you server you server ssh sshd ssh sshd you> ssh mac-1 password: **** other> cagriCOM08 | Information Security
  • 11. II Key-pair Authentication Example without SSH Keys you server ssh sshd cagriCOM08 | Information Security
  • 12. II Key-pair Authentication Example without SSH Keys you ? server ssh sshd server> ssh –keygen First of all Generate keys cagriCOM08 | Information Security
  • 13. II Key-pair Authentication public/private key-pair you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
  • 14. II Key-pair Authentication public/private key-pair Private Key: id_rsa you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa.pub Private keys should be kept secret, do not share them with anyone cagriCOM08 | Information Security
  • 15. II Key-pair Authentication public/private key-pair Private Key: id_rsa Public Key: id_rsa.pub you you you ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.pub Private keys should be Public keys are meant to kept secret, do not be shared. share them with anyone cagriCOM08 | Information Security
  • 16. II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub cagriCOM08 | Information Security
  • 17. II Key-pair Authentication public/private key-pair Copy Public Key to server you server ~/.ssh/id_rsa ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys cagriCOM08 | Information Security
  • 18. II Key-pair Authentication public/private key-pair No password required! you server ssh sshd you> ssh server other> cagriCOM08 | Information Security
  • 19. III Host-based Authentication • Doesn’t require user credentials (password or key) • Provides trust based on hostname and user id • User id on both system has to be the same • Disabled by default -- not that useful cagriCOM08 | Information Security
  • 20. SSH Basics Configuration Files [CF] Server CF Client CF sshd config: /etc/sshd_config ssh config: /etc/ssh_config system-side user-specific ssh config: ~/.ssh/config Based on installation method system config locations may vary. example: macports installs in /opt/local/etc/ssh/ cagriCOM08 | Information Security
  • 21. SSH Basics Secure Logins Login Example #1 Login Example #2 ssh user@example.com ssh example.com Login Example #3 Login Example #4 ssh -p 45000 example.com ssh example.com<command here> ssh example.com ls –l ssh example.com hostname cagriCOM08 | Information Security
  • 22. SSH Basics Agent / Key Forwarding Example without SSH Keys server-1 you server-2 cagriCOM08 | Information Security
  • 23. SSH Basics Agent / Key Forwarding you> ssh server-1 server-1 you> ssh server-1 password: you Password required server-2 cagriCOM08 | Information Security
  • 24. SSH Basics Agent / Key Forwarding you> ssh server-2 server-1 you> ssh server-2 password: you Password required server-2 cagriCOM08 | Information Security
  • 25. SSH Basics Agent / Key Forwarding [updated example] you to server-1 to server-2 you> ssh -keygen you server-1 Copy public key to Authorized_key ~/.ssh/authorized_keys on each remote host id_rsa.pub id_rsa server-2 Authorized_key cagriCOM08 | Information Security
  • 26. SSH Basics Agent / Key Forwarding you> ssh server-1 you> ssh server-1 server-1> you server-1 Success server-2 cagriCOM08 | Information Security
  • 27. SSH Basics Agent / Key Forwarding you> ssh server-2 you> ssh server-2 server-2> you server-1 Success server-2 cagriCOM08 | Information Security
  • 28. SSH Basics Agent / Key Forwarding you to server-1 to server-2 you> ssh server-1 server-1> you server-1 Success Authorized_key you> ssh server-2 id_rsa.pub password> id_rsa server-2 password required at Authorized_key the second step! cagriCOM08 | Information Security
  • 29. SSH Basics Enter Agent / Key Forwarding SSH Key Gets Forwarded you server-1 id_rsa.pub id_rsa server-2 cagriCOM08 | Information Security
  • 30. SSH Basics Enter Agent / Key Forwarding Command Line Agent Forwarding ssh -A example.com Use -A to explicitly turn off forwarding for a ssh session. cagriCOM08 | Information Security
  • 31. SSH Basics Port Forwarding Local Port Forwarding Example you server-1 server-2 sshd www Private Network cagriCOM08 | Information Security
  • 32. SSH Basics Port Forwarding you to www on server-2 you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
  • 33. SSH Basics Port Forwarding Can’t access server-2 directly you server-1 server-2 sshd www public IP local IP local IP Private Network cagriCOM08 | Information Security
  • 34. SSH Basics Port Forwarding With Local Port Forwarding you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
  • 35. SSH Basics Port Forwarding A Tunnel is Made! you server-1 server-2 sshd www public IP local IP local IP you> ssh -L 8000:server-2:80 server-1 server-1> success cagriCOM08 | Information Security
  • 36. SSH Basics Port Forwarding server-2 doesn’t have to run sshd you server-1 server-2 sshd www public IP local IP local IP cagriCOM08 | Information Security
  • 37. SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport example.com localport is the port on your machine, host is the remote server to tunnel to, hostport is the port on the remote server to tunnel to cagriCOM08 | Information Security
  • 38. SSH Basics Port Forwarding Sharing Tunnel you server-1 server-2 sshd www public IP local IP local IP another you> ssh -L 8000:server-2:80 -g server-1 server-1> success cagriCOM08 | Information Security
  • 39. SSH Basics Port Forwarding Command Line Local Port Forwarding ssh -L localport:host:hostport -g example.com -g allows others to connect to your forwarded port cagriCOM08 | Information Security
  • 40. SSH Basics Port Forwarding Host Configured Host inspire.staging LocalForward 8000:server-2:80 Per-User ~/.ssh/config System-wide /etc/ssh_config Friday, September cagriCOM08 | Information Security
  • 41. SSH Basics Port Forwarding SSH Server has final say! AllowTcpForwarding no System-wide /etc/sshd_config Defaults to “yes” -- so pretty much ignore. cagriCOM08 | Information Security
  • 42. References SSHSecure Shell forWorkstations Windows Client version 3.2.9 User Manual Güvenli kanallardan iletişim ( SSH ) User Manual http://en.wikipedia.org/wiki/Secure_SHell http://en.wikipedia.org/wiki/Secure_channel http://doctus.org/forum.php?s=ec689fc4bdb4dd0cc895cbdbd298cc3b http://www.openssh.org/txt/ ftp://ftp.itu.edu.tr/Utility/SSH Secure Shell/ http://www.javakursu.net/sshnedir cagriCOM08 | Information Security